Hi I have some customer sites that have their own firewalls and have expressed interest in getting some additional reporting to the noc/soc on traffic.
Is there any way to run the NSE in SPAN and/or TZSP mode to get traffic stats and vulnerability reporting to cnMaestro ?
They are interested in device fingerprinting at their smaller sites as well but not have the device “inline” of traffic.
Hi djdrastic
The NSE 3000 needs to be in-line with traffic so you will not be able to utilize its functionality by mirroring traffic to it.
Are you primarily looking at using it for device fingerprinting and vulnerability scans? While we do not have any immediate plans to support this mode this feedback is very useful as we consider alternative deployment models.
Thanks you!
Trevor
Hi Trevor in many installs clients have their own gateways/firewalls with proprietary configs and tunnels.
Swapping them out is usually impossible due to other teams managing networks/firewalls or require some strange esoteric feature only found in a certain brands firewall.
If it could do device fingerprinting , vuln scans , internet link quality checks and passive internet bound traffic inspections would be mega. Its easy to sell security to companies when its not a inline device in general to enterprise/businesses.
Thank you for sharing the details. Although this mode is not currently supported we’ll use this feedback as we expand the supported use cases for the NSE.
Thanks for the feedback Trevor.